// Request bootstrap: session gate, helper construction, request-path check
// and rights loading. This listing is an excerpt (see the gutter numbers);
// the bodies of the conditionals sit on lines that are not shown.
//
// Session gate. It is skipped whenever the `f` query parameter is present,
// so a request that carries a file hash is not stopped at this point.
// NOTE(review): presumably the hash acts as a bearer link for downloads;
// confirm the download branch does its own authorisation and that the hash
// is not guessable.
2 if (!$_SESSION['creds']['validated'] && !isset($_GET['f']))
5 require_once("squasher.class.php");
7 $squashweb = new squashweb();
9 $squashweb->update_history();
// `@` hides the undefined-index notice when `path` is absent.
11 $requestpath = @$_GET['path'];
// Reject a missing/empty path or one that does not start with '/'.
// NOTE(review): no '..' segment check on $requestpath is visible here,
// unlike the mkdir/rmdir branches; verify read_directory() confines the
// path to the uploads directory.
12 if (!$requestpath || strlen($requestpath)<1 || $requestpath[0]!='/') {
// True for a hash download or one of the hide/unhide/delete tools.
16 if (@$_GET['f'] || @$_GET['tools']=='hide' || @$_GET['tools']=='unhide' || @$_GET['tools']=='delete') {
24 //update folder rights if form is posted
// NOTE(review): this state change is driven purely by POST fields; the
// visible lines show neither an anti-CSRF token nor a user_level test in
// front of the call. The session level is passed in, so presumably
// update_rights() enforces it. Confirm.
25 if (@$_POST['edited_user'] > 0 && @$_POST['formtype'] == 'folderrights')
26 $squashweb->update_rights($_POST['edited_user'], $_POST['m'], $_SESSION['creds']['user_level']);
// The conditions choosing between these two calls are on lines not shown.
30 $squashweb->give_rights(-1); // full access
32 $squashweb->give_rights($_SESSION['creds']['user_id']);
// Resolve the requested hash to its file record, write a download entry to
// the log table, then load either the single file or the directory.
//
// The SQL is assembled by string concatenation, with mysql_escape_string()
// as the only barrier against injection. That function does not take the
// connection character set into account, and the whole mysql_* extension
// was removed in PHP 7.
// NOTE(review): move these queries to prepared statements (PDO or mysqli)
// with bound parameters.
36 $f_q = "SELECT * FROM file_hash WHERE md5_hash = '".mysql_escape_string($_GET['f'])."'";
37 $f_r = mysql_query($f_q);
// mysql_fetch_object() returns false when no row matches.
// NOTE(review): confirm a miss is handled before `$f_o->file` is read below
// (the lines between are not shown).
38 $f_o = mysql_fetch_object($f_r);
// Audit record for the download (hash, file, user, client IP). The `@`
// suppresses any error, so a failed insert leaves no log row and no trace.
41 @mysql_query("INSERT INTO log (hash,file,action,user_id,user_name,ip,date) VALUES ('".mysql_escape_string($_GET['f'])."','".mysql_escape_string($f_o->file)."','download','".mysql_escape_string($_SESSION['creds']['user_id'])."','".mysql_escape_string($_SESSION['creds']['user_name'])."','".mysql_escape_string($_SERVER['REMOTE_ADDR'])."',NOW())");
// Split the stored path into its directory part and the file name.
43 $_hpath_arr=explode("/", $f_o->file);
44 $file=array_pop($_hpath_arr); //Remove filename
45 $path=implode("/", $_hpath_arr);
46 $squashweb->read_single_file($path, $file);
47 #$squashweb->read_directory($path, false, true, false, false);
49 //parse folders for readable files
// $getdeepfiles and $populate are set on lines not shown in this excerpt.
50 $squashweb->read_directory($requestpath, true, true, $getdeepfiles, $populate);
// Download branch: look up the file's config record and stream it as an
// attachment. Index 2 is used as the file name and index 3 as the byte
// length; 'mime' and 'path' are named keys of the same record.
53 //check if a file is requested
55 //get the config of requested file
56 $request = $squashweb->get_config($_GET['f']);
59 #header('Cache-control: private');
// The name goes into the quoted filename parameter unescaped; a double
// quote in the stored name would close the parameter early.
// NOTE(review): confirm names are sanitised at upload time, or escape here.
60 header('Content-Disposition: attachment; filename="'.$request[2].'"');
// NOTE(review): the MIME type comes from the stored record; if it derives
// from the uploader, consider also sending X-Content-Type-Options: nosniff.
61 header("Content-Type: ".$request['mime']);
63 header('Content-Length: '.$request[3]);
66 $squashweb->print_files($request['path'], $request[2]);
// Hide / unhide tools: create or remove a "<name>.hidden" marker file next
// to the upload. Both require user_level > 99.
// NOTE(review): both are state changes triggered by a GET request, and no
// anti-CSRF token is visible in this excerpt. Consider POST plus a token.
68 } elseif (@$_GET['tools']=="hide" && @$_GET['h']) {
69 if ($_SESSION['creds']['user_level'] > 99) {
// NOTE(review): the result of get_config() is used without a visible check
// that the hash resolved to a record.
70 $request = $squashweb->get_config($_GET['h']);
// Mode 'x' creates the file exclusively; fopen() returns false (with a
// warning) when the marker already exists, and that is not checked before
// the fwrite() below in the visible lines.
71 $handle = fopen(SQUASHER_UPLOADS_DIR.$request['path'].'/'.$request[2].'.hidden', 'x');
72 fwrite($handle, 'hidden by '.$_SESSION['creds']['user_name']);
74 $path=$request['path'];
// Redirect back to the folder view. $path is not URL-encoded, and PHP_SELF
// reflects the request path including any trailing path info.
// NOTE(review): prefer SCRIPT_NAME and rawurlencode()/http_build_query().
75 header( 'Location: '.$_SERVER['PHP_SELF'].'?path='.$path) ;
77 } elseif (@$_GET['tools']=="unhide" && isset($_GET['h'])) {
78 if ($_SESSION['creds']['user_level'] > 99) {
79 $request = $squashweb->get_config($_GET['h']);
// `@` hides the warning when the marker file does not exist.
80 @unlink(SQUASHER_UPLOADS_DIR.$request['path'].'/'.$request[2].'.hidden');
81 $path=$request['path'];
82 header( 'Location: '.$_SERVER['PHP_SELF'].'?path='.$path) ;
// Delete tool: removes one file (hash in the query string) or several
// (h=multiple, hashes posted as the array `h`). Requires user_level > 99.
// NOTE(review): the single-file form is a destructive action reachable by
// GET, and no anti-CSRF token is visible in this excerpt.
84 } elseif (@$_GET['tools']=="delete" && isset($_GET['h'])) {
85 if ($_SESSION['creds']['user_level'] > 99) {
86 if ($_GET['h'] == "multiple") {
// NOTE(review): $_POST['h'] is iterated without a visible is_array() check.
87 $h_post = $_POST['h'];
88 foreach ($h_post as $h_key => $h) {
89 $request = $squashweb->get_config($h);
// The whole session credential array is handed to delete_file().
90 $squashweb->delete_file($h, $_SESSION['creds']);
// Single-file case; $h is assigned on a line not shown in this excerpt.
94 $request = $squashweb->get_config($h);
95 $squashweb->delete_file($h, $_SESSION['creds']);
// Redirect to the folder of the last record looked up above.
97 $path=$request['path'];
98 header( 'Location: '.$_SERVER['PHP_SELF'].'?path='.$path);
// mkdir tool: create a sub-folder of `path` named by the posted `newname`.
// Requires user_level > 99 and admin rights on the parent folder.
101 } elseif (@$_POST['tools']=="mkdir" && isset($_GET['path']) && isset($_POST['newname']) && $_SESSION['creds']['user_level'] > 99) {
102 $path = $_GET['path'];
103 $newname = $_POST['newname'];
// Traversal guard: abort if any '/'-separated segment of $path is '..'.
// NOTE(review): the guard covers $path only. $newname is concatenated into
// the mkdir() target below without the same check, and without rejecting
// '/', so the rights check on $path does not bound where the directory is
// created. Validate $newname as a single path segment before use.
104 $subs = explode('/', $path);
105 if (in_array('..', $subs))
106 die(); // Hard fails when trying to play above SQUASHER_UPLOADS_DIR
107 if ($squashweb->got_rights_array_admin($path) > 0) {
// With umask 002 and mkdir()'s default mode the directory keeps group write.
108 umask(002); // don't remove g+w
109 mkdir(SQUASHER_UPLOADS_DIR.$path.'/'.$newname);
// Redirect into the new folder; neither value is URL-encoded here.
111 header( 'Location: ?path='.$path.'/'.$newname) ;
// rmdir tool: remove the folder named by `path`. Requires user_level > 99
// and admin rights on that folder. rmdir() only removes empty directories.
113 } elseif (@$_POST['tools']=="rmdir" && isset($_GET['path']) && $_SESSION['creds']['user_level'] > 99) {
114 $path = $_GET['path'];
// Traversal guard: abort if any '/'-separated segment of $path is '..'.
115 $subs = explode('/', $path);
116 if (in_array('..', $subs))
117 die(); // Hard fails when trying to play above SQUASHER_UPLOADS_DIR
118 if ($squashweb->got_rights_array_admin($path) > 0) {
119 rmdir(SQUASHER_UPLOADS_DIR.$path);
// Rebuild the redirect target from $subs; presumably the last segment was
// removed on the lines not shown, so this points at the parent. Confirm.
122 $path=implode("/", $subs);
123 header( 'Location: ?path='.$path) ;
// Access-rights admin page. Requires user_level > 100 (the file tools above
// use > 99). Renders admin.tpl with the user list and the rights tree.
125 } elseif (@$_GET['tools']=='access' && $_SESSION['creds']['user_level'] > 100) {
127 $smarty = get_smarty();
129 $smarty->assign('user_level', $_SESSION['creds']['user_level']);
130 $smarty->assign('user_name', $_SESSION['creds']['user_name']);
131 $smarty->assign('users', $squashweb->get_users($_SESSION['creds']['user_level']));
// The raw `user` query value goes to the template and to show_rights_tree().
// NOTE(review): confirm admin.tpl escapes it on output and that
// show_rights_tree() treats it as untrusted (e.g. casts it to an integer).
133 $smarty->assign('edited_user', @$_GET['user']);
135 $tree = $squashweb->show_rights_tree($requestpath, 0, @$_GET['user']);
137 $smarty->assign('style', $tree['style']);
138 $smarty->assign('layout', $tree['layout']);
// Raw `debug` query value handed to the template.
140 $smarty->assign('debug', @$_GET['debug']);
141 $smarty->assign('folderrights', $squashweb->folderrights());
142 $smarty->assign('userrights', $squashweb->userrights());
143 $smarty->display('admin.tpl');
// User admin page. Requires user_level > 100. The posted `type` selects
// update / disable / remove / insert; most of the conditions that pick
// between them are on lines not shown in this excerpt.
// NOTE(review): these are account changes driven by POST fields, and no
// anti-CSRF token check is visible here.
145 } elseif (@$_GET['tools']=='users' && $_SESSION['creds']['user_level'] > 100) {
146 $type = @$_POST['type'];
// The posted `u` value is passed straight to the squashweb methods below.
148 $squashweb->update_users($_POST['u']);
149 if ($type=="disable")
150 $squashweb->disable_users($_POST['u']);
152 $squashweb->remove_users($_POST['u']);
// Only insert_users() receives the caller's level.
// NOTE(review): verify that update/disable/remove cannot be applied to
// accounts at or above the caller's own level.
154 $squashweb->insert_users($_POST['u'], $_SESSION['creds']['user_level']);
155 $smarty = get_smarty();
157 $smarty->assign('user_level', $_SESSION['creds']['user_level']);
158 $smarty->assign('user_name', $_SESSION['creds']['user_name']);
159 $smarty->assign('users', $squashweb->get_users($_SESSION['creds']['user_level']));
// Levels offered in the form: callers above 199 may pick admin (155) or
// user (55); others only user (55). This only limits what the form shows;
// the posted level still has to be checked server-side.
161 if ($_SESSION['creds']['user_level'] > 199) {
162 $smarty->assign('user_levels', array(155 => 'admin' , 55 => 'user' ) );
164 $smarty->assign('user_levels', array(55 => 'user' ) );
166 $smarty->assign('debug', @$_GET['debug']);
168 $smarty->display('udmin.tpl');
// Log viewer. Requires user_level > 100. Renders logs.tpl with the entries
// returned by get_logs() for the requested log type.
170 } elseif (@$_GET['tools']=='logs' && $_SESSION['creds']['user_level'] > 100) {
// NOTE(review): `logtype` comes from the query string; any validation would
// be on the lines not shown. Confirm get_logs() does not place it into SQL
// unescaped, and that logs.tpl escapes it on output.
171 $logtype=@$_GET['logtype'];
175 $smarty = get_smarty();
177 $smarty->assign('user_level', $_SESSION['creds']['user_level']);
178 $smarty->assign('user_name', $_SESSION['creds']['user_name']);
179 $smarty->assign('logtype', $logtype);
180 $smarty->assign('logs', $squashweb->get_logs($logtype));
182 $smarty->assign('debug', @$_GET['debug']);
183 $smarty->display('logs.tpl');
// Default view: build the per-file rows ($configs) for index.tpl from the
// config records, sorted by their 'lastchange' field.
188 $smarty = get_smarty();
197 * [6] -> CRC32 checksum
200 $configs_num = $squashweb->get_configs();
201 $configs_sorted = named_records_sort($configs_num, 'lastchange', true);
// Copy each record into a row with named keys. Numeric indexes map as
// 0 version, 2 name, 3 size, 4 chunk_size, 5 chunks, 6 crc.
205 foreach ($configs_sorted as $key => $value) {
206 $configs[$key]['squashed'] = $value['squashed'];
207 $configs[$key]['version'] = $value[0];
208 //$configs[$key]['date'] = $value[1]; //removed because user local creation date is irrelevant
209 $configs[$key]['name'] = $value[2];
210 $configs[$key]['size'] = $value[3];
211 $configs[$key]['chunk_size'] = $value[4];
212 $configs[$key]['chunks'] = $value[5];
213 $configs[$key]['crc'] = $value[6];
// Embeddable when 'ideo' occurs in the MIME type at an offset above 0.
// strpos() returns 0 (falsy) for a match at the very start, so the test
// relies on a leading character, as in "video/...".
214 (strpos($value['mime'],'ideo')) ? $embedable=true : $embedable=false;
// Finished when the per-chunk stats sum to the chunk count. `@` hides the
// warning raised when 'stats' is not an array.
215 (@array_sum($value['stats']) == $value[5]) ? $finished=true : $finished=false;
217 $configs[$key]['embedable'] = $embedable;
218 $configs[$key]['finished'] = $finished;
219 $configs[$key]['mime'] = $value['mime'];
220 $configs[$key]['status'] = $value['status'];
221 $configs[$key]['hidden'] = $value['hidden'];
222 $configs[$key]['chunks_finished'] = @array_sum($value['stats']);
224 $configs[$key]['chunks_partial'] = $configs[$key]['chunks_finished'];
// Walk the per-chunk stats; part of this loop's logic is on lines not shown.
227 foreach($value['stats'] as $sk => $sv) {
229 $configs[$key]['chunks_partial'] = $configs[$key]['chunks_partial']+$sv;
// Loose comparison against the string '1.00'.
230 if ($sv != '1.00') $continue=false;
// 'added' and 'lastchange' are formatted as Unix timestamps.
234 $configs[$key]['date'] = date('d.m.y - H:i:s - T', $value['added']);
235 $configs[$key]['lastchange'] = date('d.m.y - H:i:s - T', $value['lastchange']);
// Build the breadcrumb map (cumulative path => segment label) from the
// request path, then hand everything to index.tpl.
240 $basepath['/'] = 'top';
// $bpath is initialised on a line not shown in this excerpt.
242 foreach (explode('/', $requestpath) as $key => $value) {
244 $bpath .= '/'.$value;
245 $basepath[$bpath] = $value;
// NOTE(review): `debug`, the breadcrumb entries and `currentfolder` all
// derive from request parameters; confirm index.tpl escapes them on output.
248 $smarty->assign('debug', @$_GET['debug']);
249 $smarty->assign('user_level', $_SESSION['creds']['user_level']);
250 $smarty->assign('user_name', $_SESSION['creds']['user_name']);
251 $smarty->assign('folderrights', $squashweb->folderrights());
253 $smarty->assign('squashed', $configs);
254 $smarty->assign('base', $basepath);
255 $smarty->assign('currentfolder', $requestpath);
256 $subs = $squashweb->subfolders();
259 $smarty->assign('subfolders', $subs);
261 //if(@$_GET[debug]) print_r($configs);
262 $smarty->display('index.tpl'); //Display normal template
265 // vim: syntax=php ts=4 sw=4 sts=4 sr noet